Statesman Editorial: Cybersecurity threats require better defense

The more the onslaught of cyber-incidents mounts and invades our private lives, commerce and government sectors, the more bewildered we seem to be about the appropriate level of response to meet it.

Just this week we learned that hackers now are breaching the computer systems of travel reservation distributors — this after recent attacks targeting large insurance companies and the U.S. government’s personnel office.

Recently a retired general mentioned to a member of the Statesman Editorial Board that his identity was among the nearly 22 million caught up in the data breach at the U.S. Office of Personnel Management.

Though it is scary, it is not hard to extrapolate the damage and mayhem that future incidents could inflict — or what our enemies could do with the knowledge of who in our government or military, for instance, is flying where and when.

Be the first to know.

No one covers what is happening in our community better than we do. And with a digital subscription, you'll never miss a local story.

As these attacks on our worlds continue — estimated to be millions daily — we have to do more than simply lament that another segment has been breached. When will our president and lawmakers give cybersecurity safeguards the Manhattan Project-level of resources and fast-track signal this menace deserves? Soon, we hope.

We believe awareness is on the rise, but what we don’t see is the all-hands-on-deck approach on the agendas in Washington, D.C. — or, for that matter, from any of the announced candidates for president from any party.

We applaud Gov. Butch Otter’s move to establish an Idaho task force for cybersecurity, but we hope the group moves quickly and gets members of industry involved, instead of just a collection of state agency heads.

Last November the Idaho Bureau of Homeland Security convened the Idaho Cybersecurity Interdependencies Workshop, which was an eye-opener and wake-up call for anyone who heard the presentations from experts at the Idaho National Laboratory.

INL has developed expertise in thwarting cyberattacks because of its highly sensitive missions. The state of Idaho is in a position to capitalize and implement the best practices and safeguards used at INL and private sector companies that deal with attacks around the clock.

Beyond finding ways to stop them, we must consider the liability costs of what comes after these incidents. A growing concern is the level, duration and expense of postincident litigation.

In testimony last month before the House Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, Brian E. Finch of the George Washington University Center for Cyber and Homeland Security made the following statement: “Every new terrorist incident spurs numerous new lawsuits. Cyberattacks are no different. High-profile attacks spur multiple lawsuits, and indeed the cost of managing a cyberattack is beginning to represent one of the most expensive consequences of a cyberattack. Considering that millions of cyberattacks occur daily, and that these attacks are growing more sophisticated and successful with each passing moment, liability protections for cybersecurity vendors and users is absolutely critical.”

There is a hope that a certification process for Qualified Anti-Terrorism Technology (QATT) could have beneficial results: It could be an incentive for companies and jurisdictions to purchase and deploy DHS-certified equipment (thus stopping attacks), and provide a measure of liability protection for those who manufacture and implement it.

Whatever our course of action in Idaho or throughout the nation, we need to more robustly communicate the devastating impact of attacks, and speed up our search and installation of protocols and equipment safeguards.

Hackers never sleep.

Statesman editorials are the unsigned opinion expressing the consensus of the Statesman’s editorial board. To comment on an editorial or suggest a topic, email editorial@idahostatesman.com.